[SOLVED] EC2 instance with Docker Container connecting to RDS Database from shell but not from website

Issue

I created an application that I wanted to deploy online. The app is stored in a directory app and I have another directory called nginx which contains an nginx server that I use as a reverse proxy to deploy the app with HTTPS. I use an AWS EC2 insance as the server and an RDS database using Postgres to store data, the two instances are connected with the vpc and all the securities groups has been created. To deploy the app I decided to containerize the application using Docker, creating two containers, one for the application and one for the nginx reverse proxy. Using docker-compose up the application is correctly built and the site can be used online deployed on the EC2 server. The problem appears when I try to use any function that involves the application talking with the database, I tried to log the response from the database and got:

error: no pg_hba.conf entry for host "<EC2 Private IPv4>", user "masteruser", database "postgres", no encryption
nodeserver_1  |     at Parser.parseErrorMessage (/usr/src/app/server/node_modules/pg-protocol/dist/parser.js:287:98)
nodeserver_1  |     at Parser.handlePacket (/usr/src/app/server/node_modules/pg-protocol/dist/parser.js:126:29)
nodeserver_1  |     at Parser.parse (/usr/src/app/server/node_modules/pg-protocol/dist/parser.js:39:38)
nodeserver_1  |     at Socket.<anonymous> (/usr/src/app/server/node_modules/pg-protocol/dist/index.js:11:42)
nodeserver_1  |     at Socket.emit (node:events:519:28)
nodeserver_1  |     at addChunk (node:internal/streams/readable:559:12)
nodeserver_1  |     at readableAddChunkPushByteMode (node:internal/streams/readable:510:3)
nodeserver_1  |     at Readable.push (node:internal/streams/readable:390:5)
nodeserver_1  |     at TCP.onStreamRead (node:internal/stream_base_commons:190:23) {
nodeserver_1  |   length: 162,
nodeserver_1  |   severity: 'FATAL',
nodeserver_1  |   code: '28000',
nodeserver_1  |   detail: undefined,
nodeserver_1  |   hint: undefined,
nodeserver_1  |   position: undefined,
nodeserver_1  |   internalPosition: undefined,
nodeserver_1  |   internalQuery: undefined,
nodeserver_1  |   where: undefined,
nodeserver_1  |   schema: undefined,
nodeserver_1  |   table: undefined,
nodeserver_1  |   column: undefined,
nodeserver_1  |   dataType: undefined,
nodeserver_1  |   constraint: undefined,
nodeserver_1  |   file: 'auth.c',
nodeserver_1  |   line: '543',
nodeserver_1  |   routine: 'ClientAuthentication'
nodeserver_1  | }

I tried to add the IP to the pg_hba.conf file inside the EC2 instance (I was not sure that this would work as the database that I want to connect with is an independent instance), but nothing changed, I tried to add security groups to the RDS instance but nothing works.

The strange thing happened when I tried to access the Database from the EC2 instance by using the shell, even if I use it inside a container I am able to connect to the database using psql command.

So the problem seems to appear only when I am trying to use the database from the application client, not from the terminal.

Solution

0. (First and foremost) Please SHOW YOUR CODE and configuration. Guessing is hard.
1. Do not use pg-protocol, use one of well known PostgreSQL drivers for Javascript/Typescript, like postgres.js or node-postgres.
2. If error message says no encryption, make sure your driver supports SSL connections and connection is established in encrypted mode.

Answered By - filiprem

Answer Checked By - Dawn Plyler (WPSolving Volunteer)